README: Add sigstore signature verification instructions
travier committed Nov 24, 2023
1 parent 5a884c8 commit 2df9807
Showing 1 changed file with 31 additions and 0 deletions.
31 changes: 31 additions & 0 deletions README.md
Expand Up @@ -32,6 +32,37 @@ The toolbox container images are based on the Fedora toolbox container image.
| [toolbox-root](https://quay.io/repository/travier/toolbox-root) | Tools useful for system administration |
| [toolbox-texlive](https://quay.io/repository/travier/toolbox-texlive) | Tools and binaries to build LaTeX based projects |

## Verifying sigstore container signatures with podman

How to configure sigstore signature verification in podman:

```
$ cat /etc/containers/registries.d/quay.io-travier.yaml
docker:
quay.io/travier:
use-sigstore-attachments: true
$ sudo restorecon -RFv /etc/containers/registries.d/quay.io-travier.yaml
$ cat /etc/containers/policy.json
...
"transports": {
"docker": {
"quay.io/travier": [
{
"type": "sigstoreSigned",
"keyPath": "/etc/pki/containers/quay-travier-containers.pub",
"signedIdentity": {
"type": "matchRepository"
}
}
],
...
$ sudo mkdir /etc/pki/containers
$ sudo cp quay-travier-containers.pub /etc/pki/containers/
$ sudo restorecon -RFv /etc/pki/containers
```

## License

See [LICENSE](LICENSE).
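
Review bot: The `sudo cp quay-travier-containers.pub /etc/pki/containers/` step near the end of the new section never says where the public key comes from or how a reader can confirm it is the right one. Since the `keyPath` entry in policy.json is the whole trust anchor for the `sigstoreSigned` requirement, the README should point to where the key is published. The `mkdir`/`cp`/`restorecon` steps would also read better before the policy.json excerpt that references the key, and the text should say that the two `cat` outputs are files the reader has to create or edit, since `cat` only displays them. A closing step that pulls one of the images to confirm that verification succeeds would complete the section.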
